
New Member

VLAN routing question

Hi All,

I am new to layer 3 switches and firewalls, and my new job has both.

I would like some information about the routing of packets between the following devices and scenario:

(ROUTER) connected with FR to Internet
    |
    |
(FIREWALL) 4 Ethernet (in, out, DMZ1, DMZ2)
    |  |  |  |
    |  |  |  |
(3750 switch) 2 VLANs configured and GiEth1/0/2 is configured as trunk

Each VLAN is connected on E2 and E3 of the firewall!

Now, how do VLAN1 and VLAN2 communicate with each other (IP layer)? Does the routing occur inside the layer 3 switch, or does it go through the trunk port to the firewall and then back from the firewall through the trunk again to the switch?

If this is the case, I do not see any route statements in the PIX. Or does it do routing based on the interface IP addresses?

I hope I made myself clear here!

Thanks,

George

1 ACCEPTED SOLUTION

Bronze

Re: VLAN routing question

Hi again,

The reason you do this at the FW and not on the 3750 is to use firewall features (rules for communication between VLANs).

Of course you can do ACLs on the switch if it's enabled for layer 3 (VLAN interfaces) and you want that, but with limited features (maybe good enough, though) compared with the FW.

Keep in mind that when using ACLs on the switch you do not get wire speed.

HTH, check the scroll-box at the bottom right :)

BR,

Bjornarsb
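The alternative Bjornarsb describes, routing between the two VLANs on the 3750 itself with an ACL on the VLAN interface, as an added IOS configuration example that is not from the thread. It assumes a single transit VLAN 99 to the firewall's inside interface instead of the per-VLAN links E2/E3, and all subnets, addresses and the web-server host are placeholders.

```cisco
! 3750: turn on Layer 3 forwarding so the SVIs route between VLANs
ip routing
!
! VLAN 1 and VLAN 2 as in the thread; VLAN 99 is an assumed transit
! VLAN toward the firewall. All addresses are placeholders.
vlan 2
 name USERS
vlan 99
 name FW-TRANSIT
!
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
!
interface Vlan2
 ip address 10.1.2.1 255.255.255.0
 ip access-group VLAN2-IN in
!
interface Vlan99
 ip address 10.1.99.1 255.255.255.252
!
! The trunk to the firewall now carries only the transit VLAN, so
! VLAN 1 / VLAN 2 traffic never hairpins over the firewall link.
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 99
 switchport mode trunk
!
! Anything not on a connected VLAN goes to the firewall, which keeps
! its own default route toward the router.
ip route 0.0.0.0 0.0.0.0 10.1.99.2
!
! Inter-VLAN policy now lives on the switch: VLAN 2 may reach the
! web server 10.1.1.10 on VLAN 1 and anything beyond the firewall,
! nothing else on VLAN 1. The "log" keyword punts matches to the CPU;
! drop it if line-rate forwarding matters more than visibility.
ip access-list extended VLAN2-IN
 permit tcp 10.1.2.0 0.0.0.255 host 10.1.1.10 eq 80
 permit tcp 10.1.2.0 0.0.0.255 host 10.1.1.10 eq 443
 deny   ip  10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255 log
 permit ip  10.1.2.0 0.0.0.255 any
!
! Firewall side: with the switch routing, the PIX no longer sees the
! VLANs as connected interfaces and needs static routes back (PIX syntax):
!   route inside 10.1.1.0 255.255.255.0 10.1.99.1 1
!   route inside 10.1.2.0 255.255.255.0 10.1.99.1 1
```

Note the trade-off the thread is about: the switch ACL is stateless and cannot express the per-session rules the firewall can, which is why George's original design sends inter-VLAN traffic up to the PIX.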

3 REPLIES
Bronze

Re: VLAN routing question

Hi,

Routing between VLAN 1 and VLAN 2 is done at the firewall. You do not need routing for connected interfaces. However, I believe that your FW has a default gateway towards your router :)

BR,

Bjornarsb

New Member

Re: VLAN routing question

Hi,

Yes indeed, the firewall has a default route to outside, 0.0.0.0 0.0.0.0, which points to the IP of the router's E0.

So you say that I don't need any route information on the PIX, as it 'knows' by means of the configured connected interfaces.

I understand that.

But why would someone do that, and send incoming and outgoing traffic over a 100 Mbps link (trunk at PIX side)? Couldn't they configure routing between VLANs + ACLs to secure it on the 3750 switch itself and gain all the wire speed?

Any light on this one, please?

Thanks,

George

